Abstract: Bandwidth throttling in a browser isolation environment is disclosed. A request is received from a client browser executing on a client device to connect to a website. The browser isolation system provides a surrogate browser to facilitate communications between the client browser and the remote resource. A throttle is applied to a portion of content delivered to the client browser in response to the received request.

Abstract: Bandwidth throttling in a browser isolation environment is disclosed. A request is received from a client browser executing on a client device to connect with a remote resource. The browser isolation system provides a surrogate browser to facilitate communications between the client browser and the remote resource. A throttle is applied to a portion of content delivered to the client browser in response to the received request.

Abstract: A thin agent installed within a guest virtual machine (GVM) enables a service application to monitor events within the GVM and to perform certain system functions within the GVM. The thin agent maintains a distinct set of rules for selectively reporting system events to each different service application connected to the thin agent. A multiplexer executing within a virtualization software is configured to facilitate communication between a plurality of thin agents and a plurality of service applications. A services manager facilitates communication between new service applications and the thin agents. Each service application is able to advantageously add new functions to production GVMs without interrupting proper operation of the GVMs.

Abstract: Techniques are disclosed for monitoring a software agent running in a virtual machine to prevent execution of the software agent from being tampered with. In one embodiment, the software agent bootstraps such monitoring by ensuring that its code is present in memory and providing the code, memory addresses associated with the code, and a cryptographic signature of the code, to a monitoring process upon request. In response to receiving the code, the monitoring process checks the code using the cryptographic signatures and further ensures that the code is present in memory at the provided address. The monitoring process may then placing write traces on all memory pages of the agent and execution trace(s) on certain pages of the agent. By tracking writes to and execution of the respective pages, the monitoring process may determine whether the agent has been modified and whether the agent is still running.

Abstract: A method and a system scan a virtual machine (VM). The method stores a first copy of a scan token associated with a first scan operation within a VM and stores a second copy of the scan token in a database accessible by a management module. Upon restarting of the VM, a scan token in the restarted VM is compared with a scan token associated with the restarted VM in the database. The scan token in the restarted VM is current when the scan token in the restarted VM matches the scan token in the database. A first scan operation is resumed on the restarted VM when it is determined that the scan token in the restarted VM is current, and a new first scan operation of the restarted VM is initiated when it is determined that the scan token in the restarted VM is not current.

Abstract: Techniques are disclosed for monitoring a software agent running in a virtual machine to prevent execution of the software agent from being tampered with. In one embodiment, the software agent bootstraps such monitoring by ensuring that its code is present in memory and providing the code, memory addresses associated with the code, and a cryptographic signature of the code, to a monitoring process upon request. In response to receiving the code, the monitoring process checks the code using the cryptographic signatures and further ensures that the code is present in memory at the provided address. The monitoring process may then placing write traces on all memory pages of the agent and execution trace(s) on certain pages of the agent.

Abstract: A method and a system scan a virtual machine (VM). The method stores a first copy of a scan token associated with a first scan operation within a VM and stores a second copy of the scan token in a database accessible by a management module. Upon restarting of the VM, a scan token in the restarted VM is compared with a scan token associated with the restarted VM in the database. The scan token in the restarted VM is current when the scan token in the restarted VM matches the scan token in the database. A first scan operation is resumed on the restarted VM when it is determined that the scan token in the restarted VM is current, and a new first scan operation of the restarted VM is initiated when it is determined that the scan token in the restarted VM is not current.

Abstract: A system is provided to facilitate on-demand data scan operation in a guest virtual machine. During operation, the system generates an on-demand scan request at a scanning virtual machine, wherein the request specifies a scope for the on-demand scan. The system communicates the on-demand scan request to the guest virtual machine and receives data from the guest virtual machine in response to the request. The system identifies the data as candidate for on-demand scanning and scans the data in furtherance of a security or data integrity objective.